Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: php Clear
ID Title
CVE-2017-12856 Cross-Site Scripting (XSS) in c (CVE-2017-12856)
cross-site scripting in c (CVE-2017-12856). Risk of unauthorized operations or information disclosure.
CVE-2017-10844 Code Injection in basercms (CVE-2017-10844)
code injection in basercms (CVE-2017-10844). Successful exploitation can lead to full system takeover.
CVE-2014-7860 Information Disclosure in d-link (CVE-2014-7860)
vulnerability in d-link (CVE-2014-7860). Risk of unauthorized operations or information disclosure.
CVE-2015-3211 php-fpm allows local users to write to or create arbitrary files via a symlink attack.
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
CVE-2015-4180 Path Traversal in path-traversal (CVE-2015-4180)
path traversal in path-traversal (CVE-2015-4180). Confidential information can be exposed externally.
CVE-2015-4181 Path Traversal in path-traversal (CVE-2015-4181)
path traversal in path-traversal (CVE-2015-4181). Confidential information can be exposed externally.
CVE-2017-13697 controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
CVE-2015-8352 Path Traversal in path-traversal (CVE-2015-8352)
path traversal in path-traversal (CVE-2015-8352). Successful exploitation can lead to full system takeover.
CVE-2015-8355 SQL Injection in sqli (CVE-2015-8355)
SQL injection in sqli (CVE-2015-8355). Successful exploitation can lead to full system takeover.
CVE-2017-13671 Cross-Site Scripting (XSS) in misp (CVE-2017-13671)
cross-site scripting in misp (CVE-2017-13671). Risk of unauthorized operations or information disclosure.
CVE-2017-9555 Cross-Site Scripting (XSS) in synology (CVE-2017-9555)
cross-site scripting in synology (CVE-2017-9555). Risk of unauthorized operations or information disclosure.
CVE-2017-12679 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVE-2017-13669 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
CVE-2017-12970 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-12970)
vulnerability in csrf (CVE-2017-12970). Successful exploitation can lead to full system takeover.
CVE-2017-12971 Cross-Site Scripting (XSS) in apache2triad (CVE-2017-12971)
cross-site scripting in apache2triad (CVE-2017-12971). Risk of unauthorized operations or information disclosure.
CVE-2017-13137 The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
CVE-2017-12978 Cross-Site Scripting (XSS) in cacti (CVE-2017-12978)
cross-site scripting in cacti (CVE-2017-12978). Risk of unauthorized operations or information disclosure.
CVE-2017-12979 Cross-Site Scripting (XSS) in dokuwiki (CVE-2017-12979)
cross-site scripting in dokuwiki (CVE-2017-12979). Risk of unauthorized operations or information disclosure.
CVE-2017-12980 Cross-Site Scripting (XSS) in dokuwiki (CVE-2017-12980)
cross-site scripting in dokuwiki (CVE-2017-12980). Risk of unauthorized operations or information disclosure.
CVE-2017-12981 SQL Injection in sqli (CVE-2017-12981)
SQL injection in sqli (CVE-2017-12981). Successful exploitation can lead to full system takeover.
CVE-2017-12984 Cross-Site Scripting (XSS) in phpmywind (CVE-2017-12984)
cross-site scripting in phpmywind (CVE-2017-12984). Risk of unauthorized operations or information disclosure.
CVE-2017-11366 OS Command Injection in codiad (CVE-2017-11366)
OS command injection in codiad (CVE-2017-11366). Successful exploitation can lead to full system takeover.
CVE-2017-12977 SQL Injection in wordpress (CVE-2017-12977)
SQL injection in wordpress (CVE-2017-12977). Successful exploitation can lead to full system takeover.
CVE-2017-12946 SQL Injection in wordpress (CVE-2017-12946)
SQL injection in wordpress (CVE-2017-12946). Successful exploitation can lead to full system takeover.
CVE-2017-12947 SQL Injection in wordpress (CVE-2017-12947)
SQL injection in wordpress (CVE-2017-12947). Successful exploitation can lead to full system takeover.
CVE-2017-12948 Cross-Site Scripting (XSS) in wordpress (CVE-2017-12948)
cross-site scripting in wordpress (CVE-2017-12948). Risk of unauthorized operations or information disclosure.
CVE-2017-12949 SQL Injection in wordpress (CVE-2017-12949)
SQL injection in wordpress (CVE-2017-12949). Successful exploitation can lead to full system takeover.
CVE-2017-12776 SQL Injection in sqli (CVE-2017-12776)
SQL injection in sqli (CVE-2017-12776). Successful exploitation can lead to full system takeover.
CVE-2017-12680 Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
CVE-2017-12943 Path Traversal in path-traversal (CVE-2017-12943)
path traversal in path-traversal (CVE-2017-12943). Successful exploitation can lead to full system takeover.
CVE-2017-10665 Path Traversal in path-traversal (CVE-2017-10665)
path traversal in path-traversal (CVE-2017-10665). Successful exploitation can lead to full system takeover.
CVE-2017-12932 Use-After-Free in CVE-2017-12932 (CVE-2017-12932)
vulnerability in CVE-2017-12932 (CVE-2017-12932). Successful exploitation can lead to full system takeover.
CVE-2017-12933 Out-of-Bounds Read in CVE-2017-12933 (CVE-2017-12933)
vulnerability in CVE-2017-12933 (CVE-2017-12933). Successful exploitation can lead to full system takeover.
CVE-2017-12934 Use-After-Free in CVE-2017-12934 (CVE-2017-12934)
vulnerability in CVE-2017-12934 (CVE-2017-12934). Data can be tampered with by attackers.
CVE-2017-12927 Cross-Site Scripting (XSS) in cacti (CVE-2017-12927)
cross-site scripting in cacti (CVE-2017-12927). Risk of unauthorized operations or information disclosure.
CVE-2017-12907 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
CVE-2017-12908 SQL Injection in sqli (CVE-2017-12908)
SQL injection in sqli (CVE-2017-12908). Successful exploitation can lead to full system takeover.
CVE-2017-12909 SQL Injection in sqli (CVE-2017-12909)
SQL injection in sqli (CVE-2017-12909). Successful exploitation can lead to full system takeover.
CVE-2017-12910 SQL Injection in sqli (CVE-2017-12910)
SQL injection in sqli (CVE-2017-12910). Successful exploitation can lead to full system takeover.
CVE-2017-11150 OS Command Injection in synology (CVE-2017-11150)
OS command injection in synology (CVE-2017-11150). Successful exploitation can lead to full system takeover.
CVE-2017-12798 Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-12798)
cross-site scripting in nexusphp-project (CVE-2017-12798). Risk of unauthorized operations or information disclosure.
CVE-2017-12774 SQL Injection in finecms-project (CVE-2017-12774)
SQL injection in finecms-project (CVE-2017-12774). Successful exploitation can lead to full system takeover.
CVE-2017-12777 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
CVE-2014-9701 Cross-Site Scripting (XSS) in mantisbt (CVE-2014-9701)
cross-site scripting in mantisbt (CVE-2014-9701). Risk of unauthorized operations or information disclosure.
CVE-2017-11151 Authentication Bypass in synology (CVE-2017-11151)
authentication bypass in synology (CVE-2017-11151). Successful exploitation can lead to full system takeover.
CVE-2017-11152 Path Traversal in path-traversal (CVE-2017-11152)
path traversal in path-traversal (CVE-2017-11152). Data can be tampered with by attackers.
CVE-2017-11153 Unsafe Deserialization in deserialization (CVE-2017-11153)
vulnerability in deserialization (CVE-2017-11153). Successful exploitation can lead to full system takeover.
CVE-2017-11154 Unrestricted File Upload in synology (CVE-2017-11154)
vulnerability in synology (CVE-2017-11154). Successful exploitation can lead to full system takeover.
CVE-2017-11155 Vulnerability in synology (CVE-2017-11155)
vulnerability in synology (CVE-2017-11155). Confidential information can be exposed externally.
CVE-2017-12655 Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-12655)
cross-site scripting in nexusphp-project (CVE-2017-12655). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →